ID

VAR-202110-0436


CVE

CVE-2021-31375


TITLE

Juniper Networks Junos OS security vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202110-943

DESCRIPTION

An Improper Input Validation vulnerability in the routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2.

Trust: 1.08

sources: NVD: CVE-2021-31375 // VULHUB: VHN-391123 // VULMON: CVE-2021-31375

AFFECTED PRODUCTS

vendor: juniper // model: junos // scope: eq // version: 17.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 15.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 12.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.3

Trust: 1.0

sources: NVD: CVE-2021-31375

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-31375
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2021-31375
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-943
value: MEDIUM

Trust: 0.6

VULHUB: VHN-391123
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-31375
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-31375
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-391123
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-31375
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2021-31375
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-391123 // VULMON: CVE-2021-31375 // CNNVD: CNNVD-202110-943 // NVD: CVE-2021-31375 // NVD: CVE-2021-31375

PROBLEMTYPE DATA

problemtype: CWE-358

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-20

Trust: 1.0

sources: NVD: CVE-2021-31375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-943

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-943

PATCH

title: Juniper Networks Junos OS input validation error vulnerability fix // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=167814

Trust: 0.6

title: - // url: https://github.com/Live-Hack-CVE/CVE-2021-31375

Trust: 0.1

sources: VULMON: CVE-2021-31375 // CNNVD: CNNVD-202110-943

EXTERNAL IDS

db: JUNIPER // id: JSA11240

Trust: 1.8

db: NVD // id: CVE-2021-31375

Trust: 1.8

db: CNNVD // id: CNNVD-202110-943

Trust: 0.6

db: VULHUB // id: VHN-391123

Trust: 0.1

db: VULMON // id: CVE-2021-31375

Trust: 0.1

sources: VULHUB: VHN-391123 // VULMON: CVE-2021-31375 // CNNVD: CNNVD-202110-943 // NVD: CVE-2021-31375

REFERENCES

url: https://kb.juniper.net/jsa11240

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-31375

Trust: 0.6

url: https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://github.com/live-hack-cve/cve-2021-31375

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-391123 // VULMON: CVE-2021-31375 // CNNVD: CNNVD-202110-943 // NVD: CVE-2021-31375

SOURCES

db: VULHUB // id: VHN-391123
db: VULMON // id: CVE-2021-31375
db: CNNVD // id: CNNVD-202110-943
db: NVD // id: CVE-2021-31375

LAST UPDATE DATE

2024-08-14T14:50:06.239000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-391123 // date: 2022-10-27T00:00:00
db: VULMON // id: CVE-2021-31375 // date: 2022-10-27T00:00:00
db: CNNVD // id: CNNVD-202110-943 // date: 2022-10-28T00:00:00
db: NVD // id: CVE-2021-31375 // date: 2022-10-27T16:33:57.770

SOURCES RELEASE DATE

db: VULHUB // id: VHN-391123 // date: 2021-10-19T00:00:00
db: VULMON // id: CVE-2021-31375 // date: 2021-10-19T00:00:00
db: CNNVD // id: CNNVD-202110-943 // date: 2021-10-13T00:00:00
db: NVD // id: CVE-2021-31375 // date: 2021-10-19T19:15:10.707